The REST API in Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request.
References
Link | Resource |
---|---|
https://blog.gdssecurity.com/labs/2019/2/11/wowza-streaming-engine-manager-directory-traversal-and-local.html | Exploit Third Party Advisory |
https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streaming-engine/CVE-2018-19365.txt | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-18T19:58:13
Updated: 2020-09-18T15:55:13
Reserved: 2018-11-19T00:00:00
Link: CVE-2018-19365
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-21T16:00:30.750
Modified: 2023-01-20T15:49:00.160
Link: CVE-2018-19365
JSON object: View
Redhat Information
No data.
CWE